exploitDog

CVE-2023-37032

Опубликовано: 21 янв. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized Emergency Number List Information Element.

Ссылки

https://cellularsecurity.org/ransacked
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*:*

Версия до 1.8.0 (включая)

EPSS

Процентиль: 78%

0.01134

Низкий

7.5 High

CVSS3

Дефекты

CWE-787

CWE-78

Связанные уязвимости

GHSA-x9mf-2j92-52jm

CVSS3: 7.5

github

около 1 года назад

A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element.

EPSS

Процентиль: 78%

0.01134

Низкий

7.5 High

CVSS3

Дефекты

CWE-787

CWE-78